This is really concerning. How did these attackers gain access to the email addresses of Bitstamp's customers?

I remembered that I stumbled upon a /r/bitcoin thread
a few days ago from a user that warned users of suspicious emails from
Bitstamp. He was wondering how the attackers were able to acquire his
email, since he had given Bitstamp an address unique to them (e.g.
bitstamp1823@ttian.com).

In the thread, eleuthria [1]
confirmed that Bitstamp's support had been somehow compromised through
his experiences with support.

Bitstamp's email list was confirmed stolen ~2 weeks ago, when a boatload of emails claiming to be from support@btcguild.com
(but not sent from any of the BTC Guild mail servers) went out talking
about a 3.201 bitcoin transfer. After replying to the people shouting
at me for being a scammer, I was eventually able to narrow the source of
the leak to Bitstamp at the very least, and likely a few other sources
on top of it.

I informed Bitstamp that they had at least a breach on their email
list, if not the rest of their system. At first they denied it, but in a
follow-up they eventually admitted to it.

They then sent out a little security update email mentioning 2FA/password security.

It's already been 2 weeks, and Bitstamp hasn't given any
transparency into this issue. It sure feels like they're pulling off a
Linode, and trying to sweep this under the rug.


3 responses

Wait, what did Linode pull that I missed? I haven't been a customer with them for a while, but I was always very pleased with their service and offerings.

—
Gordon Morehouse

A Linode sysadmin was allegedly an accomplice in allowing an online bitcoin wallet service provider to be completely robbed. I think the service was Bitcoinica.
He allegedly abused his power as a sysadmin to steal the private keys (and all bitcoins) of the web wallet service.
Read this:
http://blog.zorinaq.com/?e=67
and you can google more...

—
matt

Wow, I'd heard about the robbery on a Linode - didn't know those details. Thanks.